Ransomware continues to be a major problem. A new report reveals that more than 60 percent of organizations suffered some form of ransomware attack in 2016.
The good news is that 54 percent successfully retrieved their data without resorting to paying the ransom. These are among the findings of the fourth-annual Cyberthreat Defense Report from security research firm CyberEdge Group.
Other findings include that nearly four in five respondents’ organizations were affected by a successful cyberattack in 2016, with a third being breached six or more times in the space of a year. Despite this, there are signs of optimism, with more than a third of respondents considering it unlikely that their organization will be the victim of a successful cyberattack in 2017. Respondents in the government (39.1 percent) and healthcare (49.2 percent) sectors are more optimistic.
Specific concerns surround mobile devices, which are widely seen as the weakest link for security; failure to monitor privileged users adequately; and a lack of confidence in patch management programs. In addition, two-thirds of respondents reported not being fully satisfied with Microsoft’s security measures for Office 365.
When asked what’s inhibiting them from securing their employers’ networks, “low security awareness among employees” was the top response for the fourth consecutive year. There are also worries about a skills crisis, with nine out of 10 respondents indicating their organization is suffering from a global shortfall of skilled IT security personnel.
“If the definition of insanity is doing the same thing repeatedly and expecting a different result, then perhaps, as an industry, we’re going insane,” says Steve Piper, CEO of CyberEdge Group. “Each year, we invest more in security, yet frequency and severity of data breaches rise. But why? I believe I can offer two partial explanations, inspired by this year’s Cyberthreat Defense Report. First, for the fourth-consecutive year, respondents indicate that ‘low security awareness among employees’ is the greatest inhibitor. OK, then invest more in training! And second, we consistently hear that most data breaches stem from exploiting old vulnerabilities. OK, then get patching! Investing in best-of-breed security defenses is always prudent, but to stop the bleeding, we’ve got to invest more in our human firewalls and reducing our network attack surfaces.”